Zxv10 W300 Firmware Security Vulnerabilities and Issues — Zxv10 W300 Firmware CVE List

Lucene search

ZteZxv10 W300 Firmware

8 matches found

CVE•added 2020/02/20 6:15 p.m.•73 views

CVE-2014-4019

ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.

7.5CVSS7.2AI score0.59441EPSS

CVE•added 2017/08/24 8:29 p.m.•50 views

CVE-2015-7259

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.

9CVSS8.4AI score0.33338EPSS

CVE•added 2014/07/16 2:19 p.m.•47 views

CVE-2014-4018

The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.

7.8CVSS7.4AI score0.06627EPSS

CVE•added 2015/12/30 5:59 a.m.•45 views

CVE-2015-8703

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.

6.5CVSS6.7AI score0.17232EPSS

CVE•added 2014/06/19 2:55 p.m.•41 views

CVE-2014-4155

Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.

6.8CVSS7.7AI score0.002EPSS

CVE•added 2017/08/24 8:29 p.m.•41 views

CVE-2015-7257

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".

8.5CVSS7.9AI score0.16737EPSS

CVE•added 2017/08/24 8:29 p.m.•39 views

CVE-2015-7258

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.

9CVSS8.1AI score0.32589EPSS

CVE•added 2014/07/16 2:19 p.m.•37 views

CVE-2014-4154

ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.

5CVSS7.3AI score0.10263EPSS